package com.liberty.dasheen.config.shiro.realm;
import java.util.List;

import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.SimpleAuthenticationInfo;
import org.apache.shiro.authc.UnknownAccountException;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.session.Session;
import org.apache.shiro.subject.PrincipalCollection;
import org.apache.shiro.subject.Subject;
import org.apache.shiro.util.ByteSource;
import org.springframework.beans.factory.annotation.Autowired;

import com.liberty.dasheen.entity.SysUser;
import com.liberty.dasheen.mapper.SysRolePermissionMapper;
import com.liberty.dasheen.mapper.SysUserMapper;
import com.liberty.dasheen.mapper.SysUserRoleMapper;

public class ShiroDbRealm extends AuthorizingRealm {

	//private static final Logger log = LoggerFactory.getLogger(ShiroDbRealm.class);

	@Autowired
	private SysUserMapper sysUserMapper;
	@Autowired
	private SysUserRoleMapper sysUserRoleMapper;
	@Autowired
	private SysRolePermissionMapper sysRolePermissionMapper;

	/**
	 * 授权
	 */
	@Override
	protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
		SysUser user = (SysUser) principals.getPrimaryPrincipal();
		String userCode = user.getUserCode();
		SimpleAuthorizationInfo authorizationInfo = new SimpleAuthorizationInfo();
		List<String> roles = sysUserRoleMapper.listRoleCodeByUserCode(userCode);
		List<String> permissions = sysRolePermissionMapper.listPermissionIdByUserCode(userCode);
		authorizationInfo.addRoles(roles);
		authorizationInfo.addStringPermissions(permissions);
		return authorizationInfo;
	}

	/**
	 * 认证
	 */
	@Override
	protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
		UsernamePasswordToken upToken = (UsernamePasswordToken) token;
		if (token == null)
			return null;
		String userCode = upToken.getUsername();
		SysUser user = (SysUser) sysUserMapper.getByUserCode(userCode);

		if (user == null) {
			throw new UnknownAccountException("用户不存在！");
		}
		// 认证的实体信息，如username或者是user对象

		Object principals = user.getUserCode();
		// 密码

		Object credentials = user.getPassword();
		// 盐值

		ByteSource salt = ByteSource.Util.bytes(user.getSalt());
		// 当前real的name

		String realmName = getName();
		SimpleAuthenticationInfo info = new SimpleAuthenticationInfo(principals, credentials, salt, realmName);
		List<String> permissions = sysRolePermissionMapper.listPermissionIdByUserCode(userCode);
		Subject currentUser = SecurityUtils.getSubject();
		Session session = currentUser.getSession();
		session.setAttribute("user", user);
		session.setAttribute("permissions", permissions);
		return info;
	}

}